[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <AANLkTilUVDynDz3zGp-qKHdFDTh7QRtZ7z8b2DJpmuwS@mail.gmail.com>
Date: Sun, 4 Jul 2010 00:23:04 +0300
From: mitchell <mitchell@....bg>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: File Download and DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera
Hello MustLive!
Since I got sick and tired of deleting your messages, I want to warn you
about a serious vulnerability that I found recently in your Collections of
Fun (Партнер проекту Websecurity.com.ua <http://websecurity.com.ua/> - веб
проект mlfun.org.ua):
# dig +short mlfun.org.ua
212.111.196.162
# dig +short shop.gps-info.com.ua
212.111.196.162
http://shop.gps-info.com.ua/admin/file_manager.php/login.php
Cheers!
# m.
On Sat, Jul 3, 2010 at 23:19, MustLive <mustlive@...security.com.ua> wrote:
> Hello Full-Disclosure!
>
> I want to warn you about File Download and Denial of Service
> vulnerabilities
> in Mozilla Firefox, Internet Explorer, Google Chrome and Opera. Earlier I
> already wrote about DoS vulnerabilities in different browsers via different
> protocol handlers. And now I'll tell about research concerned with attacks
> via protocols http and ftp which I made already in 2008 and published at
> 30.06.2010.
>
> -----------------------------
> Advisory: File Download and DoS vulnerabilities in Firefox, Internet
> Explorer, Chrome and Opera
> -----------------------------
> URL: http://websecurity.com.ua/4334/
> -----------------------------
> Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome,
> Opera. Other browsers can be vulnerable as well.
> -----------------------------
> Details:
>
> On 18th of September 2008 I found File Download and Denial of Service
> vulnerabilities in Firefox, Internet Explorer, Chrome and Opera. This
> research I begun after I found in September multiple Automatic File
> Download vulnerabilities in Google Chrome, which I wrote in details in the
> article Automatic File Download vulnerabilities in browsers
> (http://websecurity.com.ua/2438/).
>
> Goal of this research was to create a method of conducting File Download
> attacks in different browsers (and DoS attacks via SaveAs functionality).
> Which I called SaveAs attack.
>
> And even this attack (file saving) is not going automatically (as it took
> place in first versions of Chrome - in more new versions of its browser
> Google fixed this vulnerability, after my warnings, and browser asks before
> downloading files), but due to persistent showing of the window for file
> saving, the user can accidentally press at "Save" and save file. Unlike
> Automatic File Download in Chrome, this attack is working in different
> browsers (including in new versions of Chrome).
>
> So this method can be used for forced file saving at users' computer. And
> also this method can be used for conducting of DoS attacks (via creating of
> multiple windows for saving of files). File Download attack can lead to
> Code
> Execution, if user will later open file (malicious), which was saved by
> him.
>
> These File Download and DoS attacks are conducted via protocols http and
> ftp. I set in exploits the files at servers of Google (for http) and
> Microsoft (for ftp) - these companies have more server capacities for this
> task.
>
> Denial of Service vulnerabilities belong to type
> (http://websecurity.com.ua/2550/) blocking DoS and resources consumption
> DoS. These two attacks can be conducted as with using JS, as without it
> (via
> creating of a page with large quantity of iframes and in Chrome it's also
> possible to use frames).
>
> File Download and DoS:
>
>
> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit6.html
> (http protocol)
>
>
> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit7.html
> (ftp protocol)
>
> Both exploits work in Mozilla Firefox 3.0.19 (and besides previous
> versions,
> it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180),
> Google Chrome 1.0.154.48 and Opera 9.52.
>
> In browsers Firefox, IE6 and Opera occur blocking and overloading of the
> system (and Firefox 3.0.1 was crashing). In Chrome occurs
> blocking of the browser. But both exploits don't work in IE8.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists